For a computing device to operate on a network, it must have a valid network address so that information can be routed to the device. In many networks, addresses are assigned dynamically by an access control server as devices seek to connect to the network. The access control server may use the Dynamic Host Configuration Protocol (DHCP), which is implemented by many networks and provides a mechanism for a device to obtain a network address.
DHCP has been defined for both IPv4 and IPv6, and it specifies a series of messages that can be exchanged between a device and a DHCP server to provision the device with a network address. By using these messages, a device connecting to a network can locate a DHCP server on the network and request an address appropriate for use on that network. Conversely, the DHCP server can receive and process the request and, in response, provide a network address to the device.
In addition to enabling a device to connect to a network, a network address may also serve as a form of network credential, allowing only devices that have received that credential to communicate over the network. Microsoft Corporation provides a product, called Network Access Protection™, which enhances network security by limiting the distribution of network addresses to only those devices whose security configuration complies with a network access policy set by a network administrator. For example, a DHCP server may decline to give a network address to a device with out-of-date or misconfigured firewall or anti-virus software, preventing that device from acting as a point of attack on the network or from infecting the network with a virus.
In the Network Access Protection™ product, a device seeking access to a network provides a “statement of health,” which contains information about the configuration of the device as it relates to vulnerabilities of the device or a network to which that device may connect. For example, the statement of health may indicate the brand and version of anti-virus software in use on the device. Other information in the statement of health may indicate whether a firewall in the device is enabled and settings of the firewall.
An access control server, which may be a DHCP server, compares the statement of health to an access policy set by a network administrator. If the statement of health complies with the policy, the access control server may provide a network address to allow the device to access the network. Conversely, if the statement of health indicates the device is out of compliance with the network access policy, the access control server may simply decline to provide a network address or may provide remediation information, which the device can use to upgrade its software, adjust settings of protective components or otherwise become compliant with the network access policy.
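The following simulation is an added illustration of the two mechanisms described above, the request/response provisioning exchange and the statement-of-health check against an administrator policy; it is not code from the page or from the Network Access Protection product. The message dictionaries, field names, policy values and the TEST-NET address pool are constructed assumptions, not the DHCP or Network Access Protection wire formats.

```python
"""Simulated DHCP-style provisioning exchange with a statement-of-health
check.  Added illustration only: message shapes, field names, policy values
and the 192.0.2.0/29 (TEST-NET-1) pool are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Dict, List, Tuple

Version = Tuple[int, int]


@dataclass
class StatementOfHealth:
    """What the client reports about its own protective configuration."""
    antivirus_vendor: str
    antivirus_version: Version
    firewall_enabled: bool
    firewall_blocks_inbound: bool


@dataclass
class AccessPolicy:
    """Administrator policy the access control server enforces."""
    approved_antivirus: Dict[str, Version]  # vendor -> minimum version
    require_firewall: bool = True
    require_inbound_block: bool = True


def evaluate(soh: StatementOfHealth, policy: AccessPolicy) -> List[str]:
    """Compare a statement of health to the policy.

    Returns remediation items; an empty list means the device complies."""
    findings: List[str] = []
    minimum = policy.approved_antivirus.get(soh.antivirus_vendor)
    if minimum is None:
        findings.append(f"antivirus vendor {soh.antivirus_vendor!r} is not approved")
    elif soh.antivirus_version < minimum:
        findings.append(f"upgrade antivirus to at least {minimum[0]}.{minimum[1]}")
    if not soh.firewall_enabled:
        if policy.require_firewall:
            findings.append("enable the host firewall")
    elif policy.require_inbound_block and not soh.firewall_blocks_inbound:
        findings.append("configure the firewall to block unsolicited inbound traffic")
    return findings


class AccessControlServer:
    """DHCP-like server that hands out addresses only to compliant devices."""

    def __init__(self, pool: IPv4Network, policy: AccessPolicy) -> None:
        self.policy = policy
        self.free = list(pool.hosts())      # addresses not yet leased
        self.leases: Dict[str, str] = {}    # client id -> leased address

    def handle_request(self, client_id: str, soh: StatementOfHealth) -> dict:
        """Process a request that carries a statement of health."""
        findings = evaluate(soh, self.policy)
        if findings:
            # Decline the address, but return what the client must fix.
            return {"type": "DECLINE", "remediation": findings}
        if client_id not in self.leases:
            if not self.free:
                return {"type": "DECLINE", "remediation": ["address pool exhausted"]}
            self.leases[client_id] = str(self.free.pop(0))
        return {"type": "ACK", "address": self.leases[client_id]}


def run_exchange(server: AccessControlServer, client_id: str,
                 soh: StatementOfHealth) -> dict:
    """Client side of the exchange: send a request, act on the reply."""
    reply = server.handle_request(client_id, soh)
    if reply["type"] == "ACK":
        print(f"{client_id}: configured with {reply['address']}")
    else:
        print(f"{client_id}: no address; remediation: {reply['remediation']}")
    return reply


# Constructed policy: one approved vendor, minimum version 5.0 (assumption).
POLICY = AccessPolicy(approved_antivirus={"ExampleAV": (5, 0)})


def demo() -> Tuple[dict, dict]:
    """One compliant and one out-of-compliance device (constructed inputs)."""
    server = AccessControlServer(IPv4Network("192.0.2.0/29"), POLICY)
    healthy = StatementOfHealth("ExampleAV", (5, 2), True, True)
    stale = StatementOfHealth("ExampleAV", (4, 9), False, False)
    return (run_exchange(server, "client-a", healthy),
            run_exchange(server, "client-b", stale))


if __name__ == "__main__":
    demo()
```

The server never releases an address before the policy check succeeds, and a non-compliant client receives remediation items rather than a bare refusal, which is the behaviour the text attributes to the access control server.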
In another application, a network administrator may modify some of the configuration parameters for the network. The DHCP protocol provides a Reconfigure option that a DHCP server may use to notify the clients on the network to discard their current network configuration information and obtain an updated network configuration from the server. This option can make the client vulnerable to attack by a rogue server, which can force clients on the network to modify their network configuration. The Reconfigure option is hence not recommended for use without a security mechanism that permits the client to validate that the Reconfigure request originates from a trusted DHCP server and is authorized by the network administrator.
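The following is an added example, not code from the page, of the kind of validation the last sentence calls for: the client accepts a Reconfigure request only if it carries a valid authenticator under a key provisioned by the trusted server during the initial configuration, and only if its counter is fresh. The JSON message shape, the use of HMAC-SHA256 and the counter are assumptions chosen to show the check rather than a wire format (the DHCPv6 Reconfigure Key Authentication Protocol in RFC 3315 applies HMAC-MD5 over the actual DHCPv6 message).

```python
"""Authenticated Reconfigure handling on the client.  Added illustration
only: message shape, HMAC-SHA256 and the replay counter are assumptions."""
import hashlib
import hmac
import json
import os
from typing import Tuple

MAC_LEN = hashlib.sha256().digest_size  # 32-byte authenticator


def new_reconfigure_key() -> bytes:
    """Server generates a per-client key; it is assumed to be delivered to
    the client with the initial configuration over a trusted exchange."""
    return os.urandom(16)


def build_reconfigure(key: bytes, client_id: str, counter: int,
                      new_config: dict) -> bytes:
    """Server side: serialise the request and append its authenticator."""
    body = json.dumps({"client_id": client_id, "counter": counter,
                       "config": new_config}, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Client:
    """Client holding its current configuration and its reconfigure key."""

    def __init__(self, client_id: str, key: bytes, config: dict) -> None:
        self.client_id = client_id
        self.key = key
        self.config = dict(config)
        self.last_counter = 0  # highest counter accepted so far

    def handle_reconfigure(self, message: bytes) -> Tuple[bool, str]:
        """Validate a Reconfigure message; apply it only if it checks out."""
        if len(message) <= MAC_LEN:
            return False, "malformed"
        body, mac = message[:-MAC_LEN], message[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a sender without the key fails here.
        if not hmac.compare_digest(expected, mac):
            return False, "bad authenticator"
        payload = json.loads(body)
        if payload.get("client_id") != self.client_id:
            return False, "not addressed to this client"
        # Reject replays of a previously accepted, genuine message.
        if payload.get("counter", 0) <= self.last_counter:
            return False, "stale counter"
        self.last_counter = payload["counter"]
        self.config.update(payload["config"])
        return True, "reconfigured"


if __name__ == "__main__":
    # Constructed demonstration with a fixed key and TEST-NET addresses.
    key = bytes(range(16))
    client = Client("client-a", key, {"dns": "192.0.2.53"})
    print(client.handle_reconfigure(
        build_reconfigure(key, "client-a", 1, {"dns": "192.0.2.54"})))
    print(client.handle_reconfigure(
        build_reconfigure(b"\x99" * 16, "client-a", 2, {"dns": "198.51.100.9"})))
```

Two properties matter here: the authenticator binds the whole request (recipient, counter and new settings) to a key only the trusted server holds, and the counter stops an on-path party from re-sending a genuine request later to push the client back to an older configuration.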